Asia Must Take Bold Action to Realize Full Potential – Asia 2050 Book

TOKYO, JAPAN – Asia’s leaders must take bold, innovative action to sustain rapid growth and tackle growing inequalities, as well as address environmental challenges and the rising tide of urbanization if the region is to reach its full potential by the middle of this century, says a new book commissioned by the Asian Development Bank (ADB).

Asia 2050 – Realizing the Asian Century challenges the perception that Asia’s rapid rise is inevitable. It urges leaders from the region, which is home to over half of the world’s population, to confront a number of longer-term challenges if Asians are to take their place among the ranks of the affluent in Europe and North America. The study contends that Asia’s continued rise is plausible, but by no means pre-ordained.

The book warns that fast-growing economies like the People’s Republic of China, India, Viet Nam, and Indonesia could fall victim to the “middle-income trap”.

“Prosperity is earned. Asia has indeed done well over the past 40 years. Let us work together to ensure we stay on the path over the next 40 years,” said ADB President Haruhiko Kuroda in launching the book at a seminar in Tokyo organized by the Emerging Market Forum and hosted by the Japan Bank for International Cooperation (JBIC).

Mr. Kuroda stressed that regional cooperation and integration are central to Asian prosperity. Greater cooperation can help protect hard-won economic gains from external shocks and strengthen Asia’s voice in an ever-evolving global system.

Improving governance and strengthening institutional architecture, which are Achilles heels for development, must also be high on the policy agenda. An expanding middle class, the communications revolution, and changing demographics will exert pressure on governments to demonstrate greater transparency, predictability, accountability, and enforceability in their decision-making. In turn, this will strengthen the policy and governance foundations of Asia’s economic growth.

As Asia’s affluence rises, competition for the world’s finite natural resources will become increasingly intense.

“How we handle vital resources such as water and food will determine whether we stay on the path of economic growth and development, or stumble into conflicts of scarcity,” said Mr. Kuroda. “Asia must take radical steps now toward investing in innovation and clean technology. This will ensure that our quest for prosperity for all does not end in environmental gridlock.”

Asia’s re-emergence as an economic powerhouse will bring with it new responsibilities, particularly in helping to manage the global commons, such as free trade, climate change mitigation, and financial stability.

“As an emerging leader, Asia must lead by example, by being a responsible global citizen,” Mr. Kuroda concluded.

WHEN people in rich countries worry about migration, they tend to think of low-paid incomers who compete for jobs as construction workers, dishwashers or farmhands. When people in developing countries worry about migration, they are usually concerned at the prospect of their best and brightest decamping to Silicon Valley or to hospitals and universities in the developed world. These are the kind of workers that countries like Britain, Canada and Australia try to attract by using immigration rules that privilege college graduates.

Lots of studies have found that well-educated people from developing countries are particularly likely to emigrate. By some estimates, two-thirds of highly educated Cape Verdeans live outside the country. A big survey of Indian households carried out in 2004 asked about family members who had moved abroad. It found that nearly 40% of emigrants had more than a high-school education, compared with around 3.3% of all Indians over the age of 25. This “brain drain” has long bothered policymakers in poor countries. They fear that it hurts their economies, depriving them of much-needed skilled workers who could have taught at their universities, worked in their hospitals and come up with clever new products for their factories to make.

Many now take issue with this view (see article). Several economists reckon that the brain-drain hypothesis fails to account for the effects of remittances, for the beneficial effects of returning migrants, and for the possibility that being able to migrate to greener pastures induces people to get more education. Some argue that once these factors are taken into account, an exodus of highly skilled people could turn out to be a net benefit to the countries they leave. Recent studies of migration from countries as far apart as Ghana, Fiji, India and Romania have found support for this “brain gain” idea.

The most obvious way in which migrants repay their homelands is through remittances. Workers from developing countries remitted a total of $325 billion in 2010, according to the World Bank. In Lebanon, Lesotho, Nepal, Tajikistan and a few other places, remittances are more than 20% of GDP. A skilled migrant may earn several multiples of what his income would have been had he stayed at home. A study of Romanian migrants to America found that the average emigrant earned almost $12,000 a year more in America than he would have done in his native land, a huge premium for someone from a country where income per person is around $7,500 (at market exchange rates).

It is true that many skilled migrants have been educated and trained partly at the expense of their (often cash-strapped) governments. Some argue that poor countries should therefore rethink how much they spend on higher education. Indians, for example, often debate whether their government should continue to subsidise the Indian Institutes of Technology (IITs), its elite engineering schools, when large numbers of IIT graduates end up in Silicon Valley or on Wall Street. But a new study of remittances sent home by Ghanaian migrants suggests that on average they transfer enough over their working lives to cover the amount spent on educating them several times over. The study finds that once remittances are taken into account, the cost of education would have to be 5.6 times the official figure to make it a losing proposition for Ghana.

There are more subtle ways in which the departure of some skilled people may aid poorer countries. Some emigrants would have been jobless had they stayed. Studies have found that unemployment rates among young people with college degrees in countries like Morocco and Tunisia are several multiples of those among the poorly educated, perhaps because graduates are more demanding. Migration may lead to a more productive pairing of people’s skills and jobs. Some of the benefits of this improved match then flow back to the migrant’s home country, most directly via remittances.

The possibility of emigration may even have beneficial effects on those who choose to stay, by giving people in poor countries an incentive to invest in education. A study of Cape Verdeans finds that an increase of ten percentage points in young people’s perceived probability of emigrating raises the probability of their completing secondary school by around eight points. Another study looks at Fiji. A series of coups beginning in 1987 was seen by Fijians of Indian origin as permanently harming their prospects in the country by limiting their share of government jobs and political power. This set off a wave of emigration. Yet young Indians in Fiji became more likely to go to university even as the outlook at home dimmed, in part because Australia, Canada and New Zealand, three of the top destinations for Fijians, put more emphasis on attracting skilled migrants. Since some of those who got more education ended up staying, the skill levels of the resident Fijian population soared.

Passport to riches

Migrants can also affect their home country directly. In a recent book about the Indian diaspora, Devesh Kapur of the University of Pennsylvania argues that Indians in Silicon Valley helped shape the regulatory structure for India’s home-grown venture-capital industry. He also argues that these people helped Indian software companies break into the American market by vouching for their quality. Finally, migrants may return home, often with skills that would have been hard to pick up had they never gone abroad. The study of Romanian migrants found that returnees earned an average of 12-14% more than similar people who had stayed at home. Letting educated people go where they want looks like the brainy option.

Meeting ASP Koh in 1995, 1997 and 2005
In all honesty, I only met ASP (Retd) Stephen Koh three times in my life.

First in September 1995, as a 19-year-old recruit at the Singapore Police Academy (Thomson Road) – whilst performing cleaning duties near his “adopted” pond outside the Academy mess, where he reared his prized fish. I remember trainers warning us as we cleaned the pond that if any one of the fishes died, our fate would lie in the hands of ASP Koh. When I told him this, he just laughed.

Next, at his office in May 1997, when interviewing him as a national service police reporter, months before his retirement from the Force. This too, after much persuasion from Supt (Retd) Chin Fook Leong, his close friend, and the then Deputy Director of Police Public Affairs Department. He only allowed us to feature him in a new profile section of Police Life Monthly if he kept the story simple and focused on him rather than his achievements.

And the last, in December 2005, as a reservist, working on a documentary entitled: “My Police Academy: 1929 – 2005”, paying tribute to the Thomson Road Academy as it closed its training doors before shifting to the new Home Team Academy in Choa Chu Kang.

On all three occasions, though, the impression he left on me and my peers goes beyond what words can describe.

ASP Koh – the decorated officer
So who is ASP Koh, you ask?

ASP Koh was Officer in Charge (OC) of the Police Tactical Team (PTT). During the early days, the PTT was a motley crew of officers from the eight troops in SOC, a band of volunteers who served even on their off days for a monthly allowance of $50. “My success was due to these volunteers. We were like family and I gave them fatherly advice when I could,” ASP Koh told us.

The PTT was re-organised in 1993 into the Special Tactics and Rescue (STAR) team with a dedicated armed response team under the Special Operations Command.

When we first interviewed him in 1997, he was hesitant to allow us to acknowledge this – more out of humility than anything else but today, we can safely say that ASP Koh is also the man who shot the notorious gunman Lim Keng Peng aka Ah Huat, who had earlier killed a restaurant owner. Ah Huat also shot PC 3649 Goh Ah Khia on 18 December 1985 at Jalan Pelikat – PC Goh passed away in hospital a few hours later.

When relating the fateful day when the officers met Ah Huat once again in a 1988 shoot-out, he said: “Yes, I did face situations in which some officers would have gone weak in the knees. If I said I was not afraid then, I would be a liar. But I guess it’s the training that steels your nerves.”

He recalled how, during the hostage bus situation, Ah Huat and another gunman seized two ladies and shot the bus driver. ASP Koh had three seconds to make his decision and from a distance of 40 – 50 feet, he immobilised Ah Huat. The bullet hit the windscreen, split into two and struck the gunman in the arm and the core of the bullet injured his chest. “I guess luck was not on his side,” ASP Koh said wryly.

For his bravery, he and other police officers were commended by the then-President Wee Kim Wee and he was promoted from Inspector to Assistant Superintendent of Police.

Leading by example
On paper, these were ASP Koh’s accomplishments acquired through his 35-year uniformed career.

But the deepest impressions he left on me were the philosophies he spouted during our brief conversations. A staunch believer in leading by example, ASP Koh always encouraged esprit de corps among his officers.

“I believe a policeman’s life is very precious. If anyone has to die it should be me. A commander’s responsibility is to ensure that every person is accounted for and no unnecessary risk is taken,” says ASP Koh.

Tough-guy Cop
He also shared with us how, during his early days with PTT, they trained as volunteers with the Armed Forces and learnt rappelling techniques from seasoned foreign officers. Volunteer or regular, for him, it was no guts, no glory and the pursuit of excellence.

Recalled Course Manager SSgt Eric Phoon, his former colleague at PTT: “Even though we were not professionals in those days, he would practise new rappelling techniques on his own. I remember once after we came back from a Commando course, we showed him and he did it without a second thought. He has suffered numerous injuries in his time, and recently went for an operation.”

A Humble Officer
He heartily recalled his humble beginnings as a police constable in 1962, and his days as a trainee at the Academy. In those days, recruits were issued a wooden box instead of a cupboard to store their police gear, and policemen wore khaki shorts instead of the blues we see today.

“I was a trainee in 1962. SI SaSa once caught me whistling at women police officers and as punishment, I had to stay in for three solid weekends. My task was to push a wheelbarrow of cleaning gear up this hill with Sgt Hassan, as we scrubbed and cleaned the Academy grounds. I will never forget that,” he recalled.

Goodbye ASP Koh! An SPF legend has checked out of duty … As we pay our last respects, say our goodbyes and bid farewell to ASP Koh whether in individual silence or in uniformed unity, we salute this classic tough-guy cop and thank him for putting his life on the line time and again for fellow Singaporeans.

In the same breath, we salute past, current and future officers – identified or unnamed – for serving the nation and keeping crime at bay.

ASP Koh – as Ms Kittybond Koo, Deputy Director, Ministry of Home Affairs Heritage Development Unit, aptly describes: “an SPF legend has officially checked out of duty” and now leaves behind a legacy for the next generation.

Cortege Details
ASP Koh is now resting at Church of St Mary of the Angels, Bukit Batok East Ave 2, opposite Bukit Batok Park. Cortege leaves on Wednesday, 3 March 2010 @ 1.30pm.

Nisar Keshvani is a consultant, educator and journalist. During his National Service (1996 – 1998), he was Police Life writer.

—– ENDS —–

ASP (Retd) Stephen Koh
Brief Biography
ASP Koh joined the Force as a constable on April 16, 1962 and served at Geylang Police Station. He later moved on to the Police Coast Guard and then to his legendary stint with the PTT. He retired as OC Fitness and Training, Police Academy, and from 2005 was attached to AETOS, where he was a trainer. He was last interviewed on video for the documentary – My Police Academy: 1929 – 2005. He passed away on 27 February 2010, at the age of 66.

During its 76-year history, the Police Academy has seen thousands of officers pass through its gates. The times, uniforms, skills, training and people have changed, but the Police Academy at Thomson Road, as a training ground, remained the same.

From shooting, fitness, classroom to the morning parade call, it captures the everyday life of a trainee. Police officers reminisce about trainee life in the 60s, describe changes in training philosophy, and recount romance and friendship in the Academy’s rustic environment.

Women Deliver 2010, a global conference to be held in Washington DC on June 7-9, will focus on the theme: Delivering solutions for girls and women. The conference will further prove that maternal and reproductive health needs to be a global priority, and it will move the dialogue to the global arena with two strong messages:

The Millennium Development Goals (MDGs) will not be achieved without investing in women.
There is just enough time, if the world commits funding now, to achieve MDG5.

Women Deliver is committed to making this conference accessible to individuals from the 68 priority countries being tracked by Countdown 2015. Women Deliver will offer full conference scholarships to selected candidates.

Priority will be given to applicants who meet one or more of these criteria:

A current resident and national of a country on this list of 68 priority countries
Working in the health and development field, with a focus on women’s health, education, labor, and/or rights, either on a professional or volunteer basis
A youth participant (below the age of 30 years)

PLEASE NOTE: To be eligible for this scholarship, Women Deliver must receive your completed application online on or before the deadline of December 15, 2009.

Scholarship Awards
Scholarship recipients will be notified via email no later than February 1, 2010. If a scholarship recipient cannot accept the award, they are required to notify the conference planner as soon as possible. Scholarships are NOT transferable. Applicant must be present during the entire period of the conference.

End users — god bless ‘em. You can’t live with ‘em — but without them, you wouldn’t have a job. They’re the reason you have an IT infrastructure; they’re also the single greatest threat to the security of that infrastructure.

Because, in the end, most users have no idea how dangerous their online behavior is.

No matter how many times they train their users, no matter how many classes they hold, most IT professionals still watch helplessly as end users introduce new malware because they “just couldn’t resist looking at the attachment.” Security pros cringe as their users download software for personal use, turn off firewalls to speed up a connection, or leave their passwords stuck to their laptops.

Wouldn’t it be nice if you could give end users a list of the most dangerous things they do online every day, and then tell them why those activities are particularly risky?

We thought so, too. The following is our list of “The Ten Most Dangerous Things Users Do Online,” along with some explanation of the risks — and solutions — associated with each. This list was generated directly from input we’ve received from IT people like you, and is arranged in descending order of danger, based on votes received from the experts and analysts who make up Dark Reading’s editorial advisory board.

Stick this up on the door to your office. Better yet, stick it up on the company bulletin board — or post it directly to each of your users. If it keeps one user from making a big mistake, then we’ll have done our job — and so will you.

1. Clicking on email attachments from unknown senders

We know, we know. Haven’t we beaten this one to death already? With all the computer training courses, news reports, magazine articles, and memos from the IT department, are there any users left out there who don’t know they aren’t supposed to open email attachments from strangers?

Apparently, there are. IT managers, consultants, and other experts maintain that of all the dangerous things corporate end users do, opening email attachments is still the most potentially damaging. Even with today’s new range of exploits, email attachments are still the most likely means of contracting viruses, worms, Trojan horses, and other infections. And because these attachments usually contain applications or executable files, they have the greatest potential to instigate the complete takeover — or destruction — of an enterprise PC.

But shouldn’t end users know this by now? An August survey by security software vendor Finjan offers an interesting perspective. In a straw poll of 142 U.K. office workers, Finjan found that 93 percent of respondents knew that attachments and links found in email messages could contain spyware or other forms of malicious code embedded in them.

The problem isn’t that users don’t know the risks — it’s that they can’t help themselves, Finjan said. In the survey, 86 percent of the workers admitted they open attachments and click on links without being sure if it’s safe to do so. And despite frequent warnings, 76 percent of those surveyed said they routinely open what they assume to be viral marketing files, such as funny videos, jokes, or Websites.

“It’s still the most dangerous thing end users do,” says Richard Stiennon, founder of IT-Harvest, an IT consulting firm.

2. Installing unauthorized applications

What do you mean, “no IM?”

If you’re like many organizations today, prohibiting instant messaging is out of the question. IM is rapidly becoming a standard corporate communication tool, even as the number of IM exploits rises. Like any other peer-to-peer application, instant messaging comes with some serious risks, but once your users are hooked on IM, they are hooked.

“IM is too useful to completely restrict. If you try to lock it down, but don’t provide any outlet for employees to stay in touch with the outside world, users will find a way around your security policy,” says Thomas Ptacek, a researcher with Matasano Security. “It’s 2006. Your users are going to use IM.”

IM isn’t the only peer-to-peer app your users may be installing on their desktops. There’s Kazaa and other free file-sharing utilities that let users share documents, software, and music. But this freedom has its cost. “These applications can increasingly be the source of new viruses,” says Rob Enderle, principal analyst with the Enderle Group, an IT consultancy.

And like other unauthorized or unregulated communication, P2P apps create the risk of bad stuff coming in and sensitive corporate or personal stuff going out.

It’s safest to standardize on one of the popular IM platforms, such as AIM and MSN, says Ptacek. “The only question is whether you’re going to be able to monitor and control it or not.”

The best defense is to ensure users have only user — not admin — privileges on their machines, says Daniel Peck, a security researcher with SecureWorks. And have a written corporate policy about what users can and can’t do with these apps.

“And never install programs unless you know what they do, whether they are ‘comm’ programs or otherwise,” says Gary McGraw, CTO of Cigital.

Your desktop firewalls can block specific ports, for instance, and a host-based IPS can also help you lock down your desktops. “But that’s not foolproof,” warns Peck. If your organization can’t live without instant messaging, you can require IM sessions to be encrypted, he says.

3. Turning off or disabling automated security tools

It still happens: A user, frustrated by the slow performance of an ISP link or the constant exclusion of specific types of files, finds a way to turn off the firewall on his remote PC — or even at a branch office. Then, as if that’s not bad enough, he “forgets” to turn the firewall back on, leaving that site open to all sorts of attacks until someone from IT finally recognizes the problem and reactivates the barrier.

And it isn’t just firewalls: Every day, users reschedule automated virus updates, remote security patch installations, or requests to change their passwords. Security stuff, they say, is an administrative hassle and keeps them from doing their “important” work.

The disabling of carefully-evaluated, state-of-the-art security technology might be the most dangerous thing that users regularly do, according to the Enderle Group’s Enderle. “This is what keeps many of us [IT and security professionals] up at night,” he says. “Security applications take some overhead and may lower performance [of the end station]. Folks will turn them off as a result.”

Cigital’s McGraw agrees. “Sometimes you just have to postpone the old monolithic virus scan so you can get some work done,” he notes. “There’s always a tradeoff — make sure you make the right one.”

Most enterprise firewalls and antivirus applications now contain configuration options that enable IT to eliminate the “turn it off” option from the user’s desktop, McGraw observes. In many cases, it may be better to force the user to accept a patch or a slow ISP connection — and deal with the complaints — than to leave the company’s systems open to remote attack, experts say.

4. Opening HTML or plain-text messages from unknown senders

While most end users today are aware, if not respectful, of the dangers associated with opening email attachments from strangers, many are not aware of the threats that may lie in a normal, everyday text or HTML message that contains no enclosure. Most of these users are those who have not updated their computer training lately, and still labor under the illusion that only email attachments can contain malware.

Many experts now believe that HTML mail poses a threat that may eventually be as serious as the traditional email attachment. HTML text — and increasingly, images — can be infected with spyware, and in some cases, executable code. In July, experts at iDefense Labs, the security research arm of Verisign, discovered a new, relatively simple method of embedding shell code into commonly-loaded Web images, such as computer graphics, online photos, or PDF documents. (See Lethal Shell Game.)

HTML files may contain JavaScript, ActiveX controls, or macros that can allow an attacker to gain control of a PC or turn it into a botnet zombie, noted Finjan in a white paper issued last month. “The vast majority of Web pages contain one or more types of active content, with an unmistakable trend toward increasing use of active content in Web pages,” the company said.

In a study of the Web surfing habits of some 15,000 business users, Finjan found that about 6.9 percent of HTML traffic contained at least one content type that violated the security policy of the enterprise involved. Studies such as these have caused some enterprises to restrict the use of HTML email, or even disallow it altogether.

“There is plenty of active-content spam out there, and phishers use it, too,” says Cigital’s McGraw. “When in doubt, delete it without looking at it. If it’s important, real mail, the sender will try again — or maybe even pick up the phone.”

5. Surfing gambling, porn, or other legally-risky sites

One of the oldest abuses of corporate Internet links, the downloading of porn, gambling and other objectionable data is another still-popular activity that falls into the “I thought we had that fixed” category.

Most companies today have established that such content, even when technically legal for consumers, could create a hostile working environment for employees, subjecting the company to legal or punitive action. Any human resources department will tell you that these pursuits are a major no-no, and most IT professionals will tell you that they have deployed some sort of content filter to restrict access to objectionable content.

However, the problem still runs rampant in some organizations. In fact, an investigation of the U.S. Department of the Interior published last month turned up some alarming data regarding the online surfing habits of its 80,000 employees.

In a study of one week’s worth of computer logs, the U.S. Office of the Inspector General (OIG) discovered over one million log entries in which 7,763 DOI computer users spent more than 2,004 hours accessing game and auction sites. Extrapolated over the course of a year, these shopping and gaming binges could account for 104,221 hours of lost productivity — more than $2,027,887 in lost costs, the OIG said.

The OIG found that a significant number of employees were accessing pornographic sites, many for periods of 30 minutes to an hour. Four employees were found to have downloaded egregious volumes of pornography, including child pornography, and each was prosecuted and sentenced for anywhere from 10 months to eight years in jail.

The DOI had implemented Website monitoring and blocking software, but users were still able to get around it, the OIG said. In a final spot check of the DOI systems in August, OIG investigators were able to access both pornographic and gambling sites on three of the department’s four main computer systems, despite the presence of content filtering and blocking tools.

Online gambling and pornographic sites also are “becoming a frequent source of infection via drive-by downloads and zero-day exploits,” observes Richard Stiennon, president of IT-Harvest.

6. Giving out passwords, tokens, or smart cards

The password problem is as old as computers themselves. Despite years of trying, however, no one has come up with a workable solution.

According to a study published just this week by global research firms Nucleus Research and KnowledgeStorm, companies’ attempts to tighten IT security by regularly changing passwords and increasing their complexity are having no impact on security.

Despite years of IT warnings to the contrary, about one in three people still write down their computer passwords somewhere near the machine, either on a piece of paper or in a text file on a PC or mobile device, the researchers said.

“This is really a lot like Mom and Dad buying a great new security system for the house, and Junior leaving the combination under the doormat,” said David O’Connell, senior analyst at Nucleus Research, in a published interview. “Passwords are high maintenance. People forget them, people lose them, they have to be reset.”

Some experts also say that employees can be too trusting of acquaintances, colleagues, and family members who may “borrow” their passwords or authentication tokens, exposing them even more broadly to loss or theft. This is a particular risk among telecommuters or road warriors who may give out their passwords to help a friend or relative. “You might trust the employee, but you have to draw the line at friends and family,” says one expert.

The researchers at Nucleus Research and KnowledgeStorm suggested that enterprises should look to increasingly improving authentication technologies, such as single sign-on and biometrics, as potential answers to the age-old problem of password management. Online payment vendors Pay By Touch and UPEK earlier this month unveiled a finger-sensor payment service, TrueMe, which lets users access account information through a biometric fingerprint scanner. (See Power Pay.)

7. Random surfing of unknown, untrusted Websites

Browser-based vulnerabilities are becoming one of the most popular targets of attackers on the Web. Just ask Microsoft and Mozilla, which have been busy patching new vulnerabilities the past few months. If your organization gives users free rein to surf the Web during or after business hours from the corporate network, beware.

In addition to the well-documented cross-site scripting (XSS) vulnerabilities floating around, there’s also a lot of adware and spyware. (See Hackers Reveal Vulnerable Websites.) You shouldn’t put it past that 20-something intern to download some free music, for instance, and inadvertently contract some malware as a result.

Even if your corporate policy restricts Web access, the 20-somethings may not honor it. “This is something that young employees, bored security guards, and interns are more likely to do,” says the Enderle Group’s Enderle. “It’s an attractive nuisance, and one of the reasons for a proxy server.”

Internet Explorer 7.0, which was released by Microsoft yesterday, and the new upcoming Firefox 2.0 are expected to help browser security — at least until attackers start cracking them. But that may be wishful thinking: IE7’s first bug was reported just hours after it went live last night, although Microsoft says the issue is a component in Outlook Express rather than in IE7.

“Attackers have started to compromise enterprises through the use of browser-based and other client-side vulnerabilities,” says David Goldsmith, president of Matasano Security. “This also applies to home users who are becoming increasingly more security-savvy. Hopefully, the releases of Internet Explorer 7.0 and Firefox 2.0 will make it even more challenging for attackers to compromise the browser.”

So if you’re going to restrict Web access, how do you determine what sites you can trust or not? “If you’re really paranoid, surf with active content disabled, use Opera or Firefox, and run your browser with very little permission,” says Cigital’s McGraw.

8. Attaching to an unknown, untrustworthy WiFi network

There’s nothing more soothing than a good cup of java (lower-case) and a free WiFi connection at your local coffee shop. But watch that guy at the booth next door — he may be hacking into your laptop over that very same WiFi link.

Your users are even more at risk if their wireless card uses the Wireless Access Protocol (WAP), which is notoriously simple to hack. A hacker can use a sniffer and grab your corporate user name and password, for instance, or infect you with a worm, says Daniel Peck, a security researcher with SecureWorks.

Even if they’re only sipping coffee and working offline, an attacker could use your employee’s wireless card to access his machine — and eventually, your corporate network.

It’s tempting for a user on the road to jump on the closest WiFi connection they pick up while waiting at the airport or some other public place. “There is no way of ensuring that the networks they connect to aren’t run by a malicious attacker,” says Matasano Security’s Goldsmith. “While the unsuspecting user surfs the Web, an attacker could be using a man-in-the-middle attack to monitor their traffic — or even worse, use a client side attack toolkit to compromise their machine.”

A personal firewall can help, says the Enderle Group’s Enderle — as long as your users keep it turned on, that is.

“Attach away. Just tunnel through with SSH or a VPN client,” says Cigital’s McGraw. “Also be aware of low-level attacks, and don’t do anything too sensitive.”

But the only way to ensure that your users won’t get hacked via WiFi is to have them disable their wireless card altogether while they work from public places, says Matasano Security’s Ptacek. “The safest reasonable attitude right now is that even browsing available wireless networks is risky.”

9. Filling out Web scripts, forms, or registration pages

If your users could actually see a hacker looking over their shoulder as they logged onto a Website or typed sensitive data into a registration page, maybe then they would think twice. But since keyloggers and XSS don’t have a human face, you’d better hope your users are hanging out on SSL-secured sites — and know just what constitutes sensitive corporate data.

Users are more likely to get hacked if they use the same username and password for most every site they visit — a habit that puts their personal data in jeopardy, as well as the company’s.

And even a trusted site can have an XSS exploit embedded in it. All it takes is for a user to read a message on a bulletin board post that contains malware, and an attacker could gain control of the user’s browser session.

Remote sessions should be encrypted using SSL. But SSL isn’t foolproof — it has its own litany of problems and weaknesses, such as its susceptibility to man-in-the-middle attacks and keystroke loggers. “SSL has had some issues, but it’s the best thing out there,” says SecureWorks’ Peck.

But the bottom line is that consumers are more likely to enter sensitive data into Web scripts or registration pages than enterprise users, says the Enderle Group’s Enderle. “Employees seldom have the opportunity to do this,” he says. “Of course, we probably

10. Participating in chat rooms or social networking sites

The very same parents who frantically try to keep their kids off of MySpace are now flocking to business social networking sites like LinkedIn, either from home or at the office. They join a colleague’s “network” on LinkedIn, post messages, and maintain their own presence on the site. That’s much safer than MySpace, because it’s just like a professional organization, right?

Wrong. Social networking sites are a social engineer’s dream come true.

“The biggest security challenges businesses face with business social networking like LinkedIn is the sheer amount of information that a social engineer can learn by doing simple searches,” says Matasano Security’s Goldsmith. “Attackers can find out who your business partners, vendors, and clients are simply by viewing your shared connections.”

There’s simply no way for LinkedIn and other sites to validate a member’s employment record, so an attacker can claim to work at Matasano and find out which current and past employees are on the site. “Services like LinkedIn try to guard sensitive employment information by restricting it to colleagues — you have to have worked with Dave Goldsmith before to be able to click on him and see his work history, or have him come up in a search for ‘Matasano,’” says Matasano’s Ptacek. “But anyone can sign up to LinkedIn and claim to have worked for Matasano.”

Users can also inadvertently leak sensitive company data in a message board post with a buddy, for instance. It may reach eyes for which it wasn’t intended, or they may not realize that chatting about what they’re doing at work today may lead to a corporate data breach. “It’s different than having drinks with a buddy after work,” says SecureWorks’ Peck.

Aside from a chatty user, a browser can also be a weak link. “ActiveX controls and their browser can be used by an attacker to get into the corporate network,” Peck says. “There are a lot of Web app vulnerabilities we’ve seen.”

Even if you have a “closed circle,” that doesn’t mean you don’t touch the outside world. Just clicking onto the site of a buddy’s buddy can get you into security trouble. “Every subpage you go to in LinkedIn or MySpace is like going to a whole different Website,” Peck says. “It’s most risky when you’re going to the sites of people you don’t know.”

Aside from the social engineering threat, there’s also the very real threat of getting infected with XSS, keyloggers, worms, and spyware (just ask MySpace users). “There’s going to be vulnerabilities in the software,” Peck says.

If an enterprise allows access to social networking sites, it must ensure that users are wary of who they’re communicating with and what type of sensitive information they may be exposing. The bad news is you may not know until it’s too late.

“You should assume that anything you post to a social networking site is public,” says Matasano’s Ptacek.

The word is out on the Internet – put your novel up for sale on a website, and you might just be the next Dan Brown or J.K. Rowling.

Lending a hand are United States-based websites like Lulu.com and BookSurge which give wannabes an online store for their works. These e-publishers – also known as print-on-demand publishers – offer e-books for download, and print a copy when a customer orders it. The cover price is set by the author though the websites usually set a minimum price, depending on the number of pages in the book.

Unlike traditional publishers, they rarely say no to a manuscript, giving everyone a chance to become a published author. For that, you pay up to US$700 (S$980), depending on whether you take up optional services like editing and cover design.

Some first-time writers here have clicked on to this option. Mr Dwayne Tan, who lived in New York for several years, recently used Lulu to publish My Cup Of Teh-O, a 200-page narrative loosely based on his exploits in the Big Apple.

The 32-year-old full-time actor did not have to pay even a cent – he did his own cover art, editing and formatting. ‘I wanted to release the book to an international market, not just a Singaporean one.’

Another Singaporean, Mr Ganga Sudhan, 33, paid about US$300 to put up his work on BookSurge, owned by Internet giant Amazon.

He wrote The Unofficial Police Handbook last year, detailing his experiences as a police officer.

For some, e-publishing is an easy way to create mementoes. One Singaporean, who declined to be named, published a collection of his personal writings using BookSurge. The consultant with a global IT firm ordered 200 hardcover copies at US$30.95 each and gave them to friends at his 50th birthday party two years ago. ‘It was all for fun, nothing more,’ he said.

While e-publishing is relatively new in Singapore, self-publishing has been around for years. A host of websites and local printing houses offer book binding and design services – for a hefty fee. Mr Ganga paid $5,500 to a local printer to produce 5,000 copies of his online book, of which he has since sold 2,000.

Traditional publishers cover the cost of producing and distributing a book. But it is difficult to get them to bite. Even when they do, writers typically get only 10 per cent of the cover price when a book is sold.

BookSurge gives up to 35 per cent in royalties, while Lulu offers 40 per cent for paperbacks and a whopping 75 per cent for e-book downloads. Like traditional publishers, both also allow authors to keep all intellectual rights associated with their works.

‘We’re seeing authors who have had success with the traditional publishing model coming to Lulu because they’re ready for something new and want a better option,’ said Lulu spokesman Jonathan Cox.

There are success stories, like Singaporean Goh Koon Hoek whose instructional book e-Start Your Web Store With Zen Cart sold 8,000 copies, earning him some $196,000 in revenue. But turning an e-published book into a bestseller is still a long shot at best. At Lulu, new content is published every two minutes, making it tough for newbies to get noticed. In Singapore, the National Library Board estimates that about 900 to 1,000 local English titles see print every year.

Experts say the lack of marketing, critical reviews and editorial support makes it even harder for e-authors to attract mainstream readers.

Said Mr R. Ramachandran, executive director of Singapore’s National Book Development Council: ‘For e-publishing, there is no one to check your facts or even do a spell-check.

‘But it does create a great platform for people who want to blow off some creative steam. Who knows, if it’s a powerful story which generates enough interest, publishers will pick it up eventually.’

With Armistice Day fast approaching a JISC project team has taken an unusual
approach to ensuring that people continue to learn about the First World War.

The First World War Poetry Digital Archive and the Learning Technologies
Group at Oxford University have collaborated on an exciting new venture in
the 3D virtual world Second Life to simulate areas of the Western Front
1914-18. The team believes this is the first time anything of its kind has
been done on Second Life.

Visitors to the virtual trenches can explore digitised archival materials
like poetry manuscripts, letters and diaries from the major poets of the
First World War as they walk around a training camp, a trench network and No
Man’s Land dressed as a soldier or a nurse. The terrain is waterlogged and
difficult to navigate, rife with rats and littered with poppies; moving
nearer to the front line the clamour of shell blasts and artillery fire
becomes louder and louder.

The resources include works by Wilfred Owen, Isaac Rosenberg and Vera
Brittain, along with contextual primary source materials. These materials
have been supplemented with new interpretative content and a spectrum of
interactive tools and tutorials, streaming video and audio effects.

The artefacts have been drawn from the highly successful First World War
Poetry Digital Archive, launched in 2009 to mark the 90th anniversary of the
end of the war. By placing them in an online virtual model the collection is
made even more useful and engaging to a range of different user groups
across UK education sectors, research communities and the heritage industry.

Ben Showers, digitisation programme officer at JISC, said: “The First World
War Digital Poetry Archive is constantly pushing the boundaries of what it
means to be an academic archive, and now users are able to interact with the
collections and materials. JISC funding for this additional virtual
environment means students, researchers and everyone interested in this
material can collaborate and become immersed in the world of the Western
Front to experience the immediate context of these manuscripts and poems
like never before.”

As guests explore the simulation, they can listen to the voices of veterans
recounting their experiences of the war, watch original film footage from
the time, and learn about life on the Western Front. Within this context
they can encounter some of the most powerful poetry in English literature by
handling the original manuscripts, turning the pages of the poet’s war
diaries and letters, and listening to readings.

Dr Stuart Lee, lecturer in English at Oxford University, said: “Attempting
to form the context of a particular piece of literature is a key critical
approach in the discipline, which normally involves studying secondary
material, or in rare cases, site visits. By piloting the use of Second Life,
the First World War Poetry Archive is approaching this in an innovative way.
More importantly it is showing how new technologies (virtual worlds) can be
utilised to provide more interesting access to key research and teaching
resources.”

At the end the visitor is teleported out of the trenches to a teaching area.
Here they are asked to consider the memory of the war, and to confront their
own prejudices and stereotypes – was the war really all about trenches, mud,
and rats, or are there other aspects to it that we now need to consider?
Should it only be remembered as mass slaughter, a gross act of futility, or
more a collective act of unparalleled heroism that ended ultimately in a
victory for Britain and its allies?

Kate Lindsay, project manager, said: “Virtual worlds create opportunities to
do things that are impossible in real museums. By simulating parts of the
Western Front, we can embed an entire exhibition’s worth of content within
the space. This can be further enhanced by placing digital versions of
real archival materials and narratives along the paths that visitors take.
The result is an immersive and personal experience. It’s not ‘real’ but it
does offer possibilities for understanding a part of history that is now
beyond human memory.”

“Ours is a world that is both everywhere and nowhere, but it is not where bodies live. We are creating a world that all may enter without privilege or prejudice accorded by race, economic power…” Blah, blah, blabbity, blah, blah.

So wrote John Perry Barlow, dubbed cyberspace’s Thomas Jefferson by Yahoo Internet Life Magazine, in his “A Declaration of the Independence of Cyberspace,” a 1996 manifesto circulated through e-mail and posted on thousands of sites. And while assistant science and technology professor at Rensselaer Polytechnic Institute Rayvon Fouché appreciates Barlow’s “neo-utopian” view, he contends, “it’s impossible to create any world devoid of the powerful social and culture factors of race, gender, and class.”

To Fouché, the Net is a technology saturated with racial ideologies. In his recently published book, Black Inventors in the Age of Segregation: Granville T. Woods, Lewis H. Latimer, and Shelby J. Davidson, he examines the relationship between race and technology. He divides technology into three parts: the physical material it’s made of, the way it’s used, and the knowledge or ideas that drive its design and production. In Black Inventors, he looks at how three prominent 20th century black inventors struggled to contribute to the history of technological innovation during a period of escalating racial tensions. In Fouché’s opinion, the same factors that influenced who could invent during the early 1900’s—race, class, and gender—still affect the field of engineering and other spheres of technological innovation today.

The Internet, says Fouché, is not as race- or class-free as cyber-utopians such as Barlow once thought it was. Sure, says Fouché, he can log onto the Net as a 50-year-old South Asian woman and no one would be the wiser. Or he could sign on as the African-American he really is, or morph into a single Latina mother, or how about a teenage valley girl with a crush on Josh HotNet? True, he has the freedom “to express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity…” (Barlow). The notion that digital media such as the weblog provide a publishing platform for the masses has inspired flights of Net pundit idealism.

Nonetheless, as Fouché points out, “You have to have access to a computer” to join Barlow’s online utopia, and race and class have proven to be barriers to getting wired. According to a 1999 U.S. Department of Commerce study, “Black households […] continue to trail white households in their access to computers and the Internet.” And in a 2003 Pew Internet and American Life report, researchers say “being white is a strong predictor of whether a person is online, controlling for all the other demographic variables” such as having a college degree, being a student, being employed, and having a comfortable household income. This is where Barlow’s manifesto and the promises of overly optimistic Net promoters like him start to break down.

That said, a 1999 Cyber Dialogue survey found that 4.9 million African-American adults were online, more than any other U.S. minority group. However, while that figure represents 28% of the black population in America, it’s still a smaller piece of the demographic pie than the 37% of adult whites who were online in ’99.

Furthermore, the growth of the African-American population online has largely resulted, not in the creation of a color-blind utopia, but in the targeting of blacks as consumers.

Take America Online: According to Target Market News, AOL commissioned a national survey through Digital Marketing Services, Inc. (DMS) and found African-Americans to be “active online consumers, who respond more to online offerings and purchase more clothing and music online than the general online population.” Tapping into this consumer base, AOL recently purchased BlackVoices.com, one of the largest online African-American communities. Target Market News reports that AOL plans to aggressively develop an African-American strategy that will involve its Africana.com site as well.

Buyer Beware

Targeting African-Americans for consumer purposes isn’t just a Net thing. According to Fouché, it permeates technological culture. It’s a common misconception, he claims, that black people are best suited to consuming, and that they only use technologies, rather than creating them.

Worse yet, argues Fouché, since our technology is created by and for white males, blacks and other ethnic minorities are left to passively consume the products of this mindset, such as violent, hypermasculine videogames that offer players fantasies of domination and power—games like Half-Life, Medal of Honor, and Return to Castle Wolfenstein.

“It’s very infrequent that…corporations come into the black community saying ‘So, what are your needs?,’” says Fouché. “There [must] be more black engineers and designers that will say, ‘Well, what about my people?’”

The answer, for Fouché, is to get more African-Americans into technical institutes such as RPI, Massachusetts Institute of Technology, and California Institute of Technology, schools he hopes will produce the next, racially diverse generation of scientists and engineers.

“For the last decade, the black student population [at RPI] has been about 4 percent, never getting higher or any lower,” Fouché laments.

But why push African-Americans into fields and institutions he believes are built on a Western mindset fraught with racist assumptions?

“It’s impossible to extract oneself from the influences of Western culture,” says Fouché, “but to be in a position to make counter-hegemonic responses to your oppressive condition, you have to first deeply understand the system that oppresses you.” Then and only then, he asserts, can you “make technological decisions based on a set of priorities (racial, ethnic, cultural or otherwise).”

Racism? What Racism?

For the most part, says Fouché, “the black community doesn’t see technology as an ideological force affecting their lives.” They easily recognize racial representations like the minstrel show, he notes, but as we move into the digital realm, racial ideologies and even the loss of black culture are not so easily recognizable.

In an ongoing project that examines the shift from analog to digital technology, Fouché looks at the hip-hop art of “scratching,” a black cultural practice popular in New York City during the late 70’s and early 80’s. Turntables were originally an analog technology, “but once you go from analog turntables and vinyl [records] to digital turntables and cd-roms, the cultural practice is condensed into algorithms,” he says. Scratching on a digital turntable is based not on the artist’s gestures, notes Fouché, but on a software programmer’s representation of what scratching sounds like.

“That’s where it gets very scary,” he says. “This cultural practice that has a long tradition is reduced to lines of code, and by reducing it to lines of code, you lose the people and you lose the black culture.”

Fortunately, technology is redeemable. Recently, Fouché also co-edited, with cultural critic and Associate Professor of Science and Technology Studies at RPI Ron Eglash, Appropriating Technology: Vernacular Science and Social Power, an anthology of essays that examine the ways in which “outsiders,” such as Latinos, blacks, homosexuals, and women, reinvent consumer products, from low-rider cars to turntables to cell phones, and thereby “defy the notion that they are merely passive recipients of technological products.”

In his introduction, Eglash describes how Native American artist Sharol Graves, for example, reinvented CAD/CAM software, originally intended for computer circuit design, and used it for her Indian design drawings. Eglash quotes Graves as saying, “I wanted the public to know that a Native American was working in the research and development of high technology, just to blow a few stereotypes about the ‘Indian Mind.’” Appropriating technology, as Graves does, yields strategies for strengthening cultural identity, argues Eglash.